🚧 poc of rustscan script generator

This commit is contained in:
Ingolf Wagner 2024-09-13 14:32:10 +07:00
parent e795a3bed9
commit 7ef34db19b
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
5 changed files with 67 additions and 0 deletions

View file

@ -172,6 +172,7 @@
++ [
./machines/${name}/configuration.nix
nix-topology.nixosModules.default
self.nixosModules.scan
];
};
@ -376,6 +377,7 @@
clan-core.flakeModules.default
./nix/formatter.nix
./nix/packages
./nix/scan
./nix/topology
];

View file

@ -71,6 +71,10 @@
security.acme.acceptTerms = true;
security.acme.defaults.email = "contact@ingolf-wagner.de";
verify.closed.wg0.domain = "10.100.0.1";
verify.closed.public.domain = "orbi.public";
verify.closed.public.ports = [ 4317 ];
# chungus rsync
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD"

View file

@ -6,6 +6,12 @@
8686
];
verify.closed.public.ports = [
7878
8989
8686
];
# download series
services.sonarr = {
enable = true;

31
nix/scan/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ self, ... }:
{
imports = [ ];
flake.nixosModules.scan = {
imports = [ ./module.nix ];
};
perSystem =
{
pkgs,
self',
lib,
...
}:
with lib;
{
apps.scan = {
type = "app";
program =
let
ports = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;
in
pkgs.writers.writeBashBin "scan" ''
${pkgs.rustscan}/bin/rustscan --ports ${concatStringsSep "," (map toString (ports "orbi"))} --addresses ${domain "orbi"} --greppable
'';
};
};
}

24
nix/scan/module.nix Normal file
View file

@ -0,0 +1,24 @@
{ lib, ... }:
with lib;
with types;
{
options.verify.closed = mkOption {
default = { };
type = attrsOf (submodule {
options = {
domain = mkOption {
type = str;
description = ''
domain to scan
'';
};
ports = mkOption {
type = listOf int;
description = ''
ports that should be closed
'';
};
};
});
};
}